Can Ocelot support SSO and JWT authentication both at same time? #2013

Answered by raman-m

HorstWang asked this question in Q&A

HorstWang
Oct 28, 2020

Hello,

I have added a JWT authentication to my Ocelot gateway to verify JWT token issued by Azure Active Directory and it works fine.
But I want to do even more to add an OpenID Connect integration with Azure Active Directory, so that Ocelot can redirect to login for unauthenticated users and automatically acquire access token on custom scope and maintain this token in user's session and refresh it when needed, so that we can completely off load authentication code out of our applications to Ocelot gateway.
I don't know if this is supported on Ocelot.
Would you give us some suggestion?

Answered by raman-m

@HorstWang
Hi Horst!
Use Ocelot feature

Multiple Authentication Schemes

This feature is available starting version 23.0
FYI You could develop a solution based on ASP.NET native feature called Authentication Policies.

View full answer

Replies: 2 comments 1 reply

gao-artur
Oct 30, 2020

I think this approach should solve your problem:

https://stackoverflow.com/questions/61020375/using-multiple-authorization-providers-cookie-auth-and-open-id-connect/61029461#61029461

You should use "AuthenticationProviderKey" : "dynamic" in ocelot.json

1 reply

raman-m Mar 27, 2024
Maintainer

Yes, defining authentication policy is an option. And this is native asp.net feature.
We have another Ocelot's feature, see ->

Multiple Authentication Schemes

raman-m
Mar 27, 2024
Maintainer

@HorstWang
Hi Horst!
Use Ocelot feature

Multiple Authentication Schemes

This feature is available starting version 23.0
FYI You could develop a solution based on ASP.NET native feature called Authentication Policies.

0 replies

Answer selected by raman-m

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment